mailing list archives
Re: lots of connections to 18.104.22.168 port 80
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 18 Apr 2008 10:38:56 -0400
Recently I have seen a lots of connections to 22.214.171.124 port 80 in
one of our clients network.
could be a lot of things .. do you have tcpdump? .. a packet trace would
make your attempt at collective troubleshooting a *lot* easier .. but
DDOS is an easy "malicious" guess. Non-malicious ones could be something
like a blog/article on that box that just got featured on Digg/Slashdot/etc.
Connections are coming from all over the Internet (various different
IPs) specifically to this IP.
Yeah .. that's how the Internet works.
What kind of problem this could be?
Has anybody seen this kind of attack before?
Do you admin that box at 126.96.36.199? .. if it's a webserver, check the
logs .. what's being requested?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/